Botnet Installing NiceRAT Malware
June 13, 2024, 1:33 p.m.
Tags
External References
Description
This analysis discusses the proliferation of botnets constructed through the distribution of malware disguised as legitimate software. These botnets are subsequently leveraged to install additional malware strains, including NiceRAT, a Python-based Remote Access Tool (RAT) capable of collecting system information, browser data, and cryptocurrency wallet details for exfiltration. The report highlights the persistent nature of these botnets, which have been operational since 2019, underscoring the importance of user vigilance when downloading software from untrusted sources.
Date
Published: June 13, 2024, 12:49 p.m.
Created: June 13, 2024, 12:49 p.m.
Modified: June 13, 2024, 1:33 p.m.
Indicators
Patterns
NiceRAT
T1556.003
T1027.004
T1021.004
T1497.003
T1053.005
T1497.001
T1012
T1555
T1071.001
T1518.001
T1489
T1082
T1083
T1570